-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We had some confusion regarding host keys for one of the fermilab hosts. It appears that the host key had changed (this happens) and attempts to login using ssh with protocol 1 on an SL3 (this is to work around a kerberos issue on sl3) machine failed due to the mismatch in a users known_hosts and the server's key. Despite that an SL4 system would log in just fine (using protocol 2). It appears that the host key is not checked using the GSSAPI (kerberos) authentication in this latter case. Is this normal? Is the host key pair not being used for encryption in this case so it need not be checked? If the user does not have a kerberos ticket on the SL4 system then the host key is checked and the connection fails as expected. This may not be the right place to ask this, doe anyone have a better forum for such a question?
- -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFF8ZzjCDBz0lN+7YcRAsuxAJ46QaTaJDVetCSrcKTPkof1nQCTCwCfaTLs P0BayRDg4nLfIQstTuojHc4= =TYMx -----END PGP SIGNATURE-----
begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
